CWE-644 (Improper Neutralization of HTTP Headers for Scripting Syntax) — Vulnerability Class 45

45 vulnerabilities classified as CWE-644 (Improper Neutralization of HTTP Headers for Scripting Syntax). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33805 | @fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headers — @fastify/reply-from | 7.5 | - | 2026-04-15 |
| CVE-2025-66485 | Multiple vulnerabilities have been addressed in IBM Aspera Shares — Aspera Shares | 5.4 | Medium | 2026-04-01 |
| CVE-2026-33149 | Tandoor Recipes Vulnerable to Host Header Injection — recipes | 8.1 | High | 2026-03-26 |
| CVE-2025-14807 | IBM InfoSphere Information Server is vulnerable to HTTP header injection — InfoSphere Information Server | 6.5 | Medium | 2026-03-25 |
| CVE-2025-13213 | Multiple vulnerabilities in IBM Aspera Orchestrator — Aspera Orchestrator | 5.4 | Medium | 2026-03-10 |
| CVE-2025-36227 | Multiple vulnerabilities in IBM Aspera Faspex — Aspera Faspex 5 | 5.4 | Medium | 2026-03-10 |
| CVE-2026-1698 | HTTP Host header vulnerability in WebClient and WebScheduler web apps — PcVue | 6.5 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2025-27901 | Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows — DB2 Recovery Expert for LUW | 6.5 | Medium | 2026-02-17 |
| CVE-2026-26234 | JUNG Smart Visu Server - Improper Neutralization of HTTP Headers for Scripting Syntax — JUNG Smart Visu Server | 8.8 | High | 2026-02-12 |
| CVE-2024-51451 | Multiple Vulnerabilities in IBM Concert Software — Concert | 6.5 | Medium | 2026-02-04 |
| CVE-2025-52660 | HCL AION is affected by an Host Header Injection vulnerability — AION | 2.7 | Low | 2026-01-19 |
| CVE-2025-64425 | Coolify has host header injection in forgot password — coolify | 8.0 | - | 2026-01-05 |
| CVE-2025-13803 | MediaCrush Header paths.py http headers for scripting syntax — MediaCrush | 7.3 | High | 2025-12-01 |
| CVE-2025-13434 | jameschz Hush Framework HTTP Host Header Util.php http headers for scripting syntax — Hush Framework | 5.3 | Medium | 2025-11-20 |
| CVE-2025-36223 | IBM OpenPages Host Header Injection — OpenPages | 5.4 | Medium | 2025-11-12 |
| CVE-2025-64484 | OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation — oauth2-proxy | 8.5 | High | 2025-11-10 |
| CVE-2025-52647 | HCL BigFix WebUI is affected by a host header poisoning vulnerability — BigFix WebUI | 6.1 | Medium | 2025-10-10 |
| CVE-2024-40686 | IBM SmartCloud Analytics - Log Analysis HOST header injection — SmartCloud Analytics Log Analysis | 5.4 | Medium | 2025-07-23 |
| CVE-2025-40631 | HTTP host header injection vulnerability in IceWarp Mail Server — Icewarp Mail Server | 6.1 (AI) | Medium (AI) | 2025-05-16 |
| CVE-2025-24339 | Bosch Rexroth ctrlX OS security vulnerability — ctrlX OS - Device Admin | 5.0 | Medium | 2025-04-30 |
| CVE-2025-2950 | IBM i improper HTTP header neutralization — i | 5.4 | Medium | 2025-04-18 |
| CVE-2022-43847 | IBM Aspera Console HTTP header injection — Aspera Console | 5.4 | Medium | 2025-04-14 |
| CVE-2025-0154 | IBM TXSeries for Multiplatforms information disclosure — TXSeries for Multiplatforms | 5.3 | Medium | 2025-04-02 |
| CVE-2025-27632 | Hitachi Energy TRMTracker injection vulnerability — TRMTracker | 6.1 | Medium | 2025-03-25 |
| CVE-2023-35894 | IBM Control Center HOST header injection — Control Center | 5.4 | Medium | 2025-03-07 |
| CVE-2025-23191 | Cache Poisoning through header manipulation vulnerability in SAP Fiori for SAP ERP — SAP Fiori for SAP ERP | 3.1 | Low | 2025-02-11 |
| CVE-2024-30129 | HCL Nomad server on Domino is affected by a host header injection vulnerability — Nomad server on Domino | 5.3 | Medium | 2024-12-06 |
| CVE-2024-10006 | Consul L7 Intentions Vulnerable To Headers Bypass — Consul | 8.3 | High | 2024-10-30 |
| CVE-2024-47549 | Sharp MFP security vulnerability — Sharp Digital Full-color MFPs and Monochrome MFPs | 7.4 | High | 2024-10-25 |
| CVE-2023-26289 | IBM Aspera Orchestrator HTTP header injection — Aspera Orchestrator | 5.4 | Medium | 2024-07-30 |

45 CVEs are classified as CWE-644 (Improper Neutralization of HTTP Headers for Scripting Syntax). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.